SMTP timed out when apf enabled...

replay147

Member
Sep 3, 2009
5
0
51
Some e-mails cannot be sent through the server while the APF is enabled. In the logs "connection timed out" message appears. No contact is established with the smtp server of the sent party. When I turn off the AFP mails are sent on a normal basis.

I write down the IP addresses of SMTP server's that do not receive mail to the allow list of the AFP, however the problem does not resolve.

Does anyone have any suggestions..
 

thewebhosting

Well-Known Member
May 9, 2008
1,199
1
68
Kindly provide me the exact logs of the error message you are receiving. You can check the logs from the /var/log/error_log. Make sure that the SMTP port address 35 and 587 are not blocked in your firewall.
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,544
13
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Some e-mails cannot be sent through the server while the APF is enabled. In the logs "connection timed out" message appears. No contact is established with the smtp server of the sent party. When I turn off the AFP mails are sent on a normal basis.

I write down the IP addresses of SMTP server's that do not receive mail to the allow list of the AFP, however the problem does not resolve.

Does anyone have any suggestions..
I suggest having your Systems Administration team temporarily enable the following two options in APF to help identify dropped packets by your firewall:
Code:
##
# [Logging and control settings]
##
# Log all traffic that is filtered by the firewall
LOG_DROP="0"

# Extended logging information; this forces the output of tcp options and
# ip options for packets passing through the log chains
LOG_EXT="0"
Once that is done, I would restart APF using it's init script:
Code:
# /etc/init.d/apf restart
You may then use a command such as the following to monitor your firewall logging of dropped packets when testing outbound e-mail:
Code:
# tail -fvn0 /var/log/messages
For example, you could start the above command to watch the syslog followed by a test of your normal outbound e-mail sending to an externally-hosted server.

Please note that APF is a third-party product and so to receive formal support for it you will need to contact the vendor from where it was obtained; a direct link to the vendor site is listed below.

Additional reference & resources:
Advanced Policy Firewall | R-fx Networks
APF firewall - Google Search
http://forums.cpanel.net/f7/third-party-applications-available-cpanel-whm-106785.html